Details of Microsoft break-in revised

In a series of revelations similar to Soviet declarations during the Cold War, Microsoft has completely revised its accounting of the hacker break-in that became public last week, lessening the damage reported and the length of the compromise. It may be months before we know exactly what happened, but the official line from Microsoft goes like this: The hackers had access for only 12 days, not three months; the source code for Office and Windows was probably not accessed; and the breach did not involve a security vulnerability in any Microsoft product. The company says that it cannot comment further because of the ongoing investigation, but analysts are somewhat concerned that we were given a worst-case scenario before the facts were fully known. Why would Microsoft prepare its customers for the worst, if the actual break-in didn't involve its crown jewels?

"Our ongoing investigation has continued to narrow the scope of this situation," the company said in a statement over the weekend. "Microsoft security became aware of the illegal activity shortly after it first occurred and tracked the hacker's attempts to expand his unauthorized access to our network over a 12 day period from October 14 to October 25." This dramatically scales back the time frame of the compromise, of course, which is now expected to have occurred from an employee's home computer that was connected to the corporate network.

"As we stated earlier," the statement continues, "there is no evidence that the intruder gained access to the source code for Office or any Windows products." Actually, Microsoft CEO Steve Ballmer admitted Friday that the hackers had indeed gotten access to the source code for Windows and Office, so this is a curious comment. "There is no evidence to suggest that any of Microsoft's online services have been or will be affected by the incident, and we have no reason to believe that any customers have been or will be affected in any way. The security breach did not involve a security vulnerability in any Microsoft product." This is clearly designed to answer ongoing criticisms of Microsoft's understanding and implementation of security in its products. If the Microsoft internal network was breeched because of a Trojan worm, as still suspected, then Microsoft's Outlook or Outlook Express product is indeed the cause of the problem. Again, time will tell whether this comment is wishful thinking on Microsoft's part.

"Also as stated earlier, the hacker may have viewed some source code under development for a future product," the statement says. Microsoft refused to comment this weekend on the identity of this future product, which is curiously singular. Reports suggest that it was Microsoft's .NET technology that was compromised by the hackers, but this isn't a single product. "We remain confident based on all the evidence that no code has been modified or corrupted in any way." Again, it's unclear how the company would be able to know this in such a short period of time, but Microsoft does maintain one of the thorough software development regimens on the planet.

"Due to the ongoing criminal investigation and our desire to apprehend the person(s) responsible, we cannot comment further on any details of this investigation," the statement concludes. "We appreciate the interest in this situation and will provide further information as appropriate." What Microsoft must truly appreciate, of course, is the absolutely empty feeling of shock and disappointment felt by its customers worldwide. In recent days, high tech companies such as America Online and Buy.com have had their own security problems. But Microsoft makes the software that runs the world's desktops and a good portion of the world's servers, making the effectiveness of their own security all the more important. While it's obvious that Microsoft will tighten security as a result of the break-in, customers can only wait and hope that future revelations about this event don't reverse the positives expounded by the company over the weekend